Jan Harkes <jaharkes_at_cs.cmu.edu> writes:

Your changes sound like excellent forward progress.

Do I understand correctly that venus trying to recheck suspect rights
may result in a 'yes' or 'no' from the server, and that 'no' will lead
to denied local access, but failing to get an answer will be esesntially
the same as not trying to check?

> Restarting venus allows full access to cached objects that our userid
> had accessed before the restart. Same thing when a token is lost. For
> the most part semantics seem sane, although there are a few cases that I
> still want to test. For instance what happens when we try to access a
> cached directories with an expired token (which is essentially allowed)
> but the directory was updated on the servers so we can't actually fetch
> the updated copy. Will we simply see the stale copy that is in the
> cache, or will the failing getattr call also kill access to the cached
> copy. i.e. someone may have just added a file, or maybe the ACL was
> changed, there is no way for the client to tell either of these cases
> apart if we don't have an authenticated connection.

There's a semi-separate issue which is whether to present
unauthenticated data to a client at all.   I'd argue that only
authenticated replies from the server for acls or about new VVs should
be accepted, so while there are no tokens no updates are obtained and
it's like one is disconnected.